4.6c to Netweaver Security

Can anyone describe the leap in logic/function for Security? I just
found out from one of our BASIS guys that 01/01/2008 is the start date
for implementing a sandbox instance with 04/01/2008 being Day One of the
DEV environment. If I'm going to need training over and above the years
I have already under my belt I'd best get started on booking training in
November, right?

Popular White Paper On This Topic

Chris, your reply is invaluable! We already have a custom portal in
place but from your comments I can see that it could very well be that
the company will be going in the direction of having the SAP portal be
THE means of access for all of our "stuff". As always, security is the
last to know and the first to be needed. C'est la guerre!

Hi, some training on NetWeaver from a security perspective is probably a
good idea if you are only really familiar with abap-stack security. The
Java components of Portal and XI will certainly be a change, and while (in
my experience of Portal at any rate) they are not technically challenging
once you understand the overall concepts and framework, they do introduce
a whole bunch of grey areas into the security space. To give you just a
few examples of what I mean in the case of Portal...

1) The development of roles in Portal starts to blur the boundaries
between your security team and application developers as a lot of the
building of the roles is not just about what iViews and back-end SAP
transactions you secure within your roles. It gets into the whole
positioning of iViews, links to other web content and tools and the look
and feel of the application much much more than was ever the case with the
menu launch pad in abap-based systems. You really need to think about who
is going to own what work and where the whole split between look-and-feel
type changes lies, your standards around what content you put at what
level to ensure a homogenous and intuitive user experience etc...

2) You will probably be using the portal as a Single Sign-on environment
so you'll need to look at what you hook into the user persistence layer of
the UME, be it an R/3 system or directory server or whatever to ensure
that you are not spending a lot of overhead providing basic functionality
to pretty much the whole company on a 1 by 1 basis - there are no upload
or automation tools that I know of for mass user admin in portal.

3) You'll need to think about what the impact will be on the request and
approvals process for access. A lot of this depends on how close you want
to get to the SAP vision that NetWeaver portal will be the single point of
entry for a whole world of different systems with iViews pointing to all
kinds of non-SAP applications etc. Depending on how security
administration is organised in your company, and how system-savvy your end
users are you may need to look at putting a structure in place to be able
to manage cross application requests for access in a world where end users
may have no idea about the back-end systems that they need access to
behind the iViews on the portal page...

Just a few short and longer term issues to be aware of and really you need
some detailed training on the solution to be able to start working them
through...

In addition to Chris' suggestions below, new NetWeaver solutions such as
BI 7.0 have their own portal to function within a Federated Portal
Network (FPN). This brings added complexity and will introduce
challenges to traditional Security Administration models, tools and
organizational structures. As an example, SAP Security and Network
Security teams will have to work together and closer that ever before.

For training, I would recommend ADM200 and EP200. Both courses cover a
good portion of the NetWeaver 2004s and Java security models.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.